CVE-2025-59956

MEDIUM EPSS 31.6%
Published Sep 30, 20259mo ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Sep 30, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the unauthorized exfiltration of sensitive user data, specifically local message history, which can include secret keys, file system contents, and intellectual property the user was working on locally. This issue is fixed in version 0.4.0.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
31.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-290
CWE-350

Affected Products 1

VendorProductVersionRange
coderagentapi* <0.4.0

References 7

  • github.blog https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding
    Technical Description
  • github.com https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
    Patch
  • github.com https://github.com/coder/agentapi/pull/49
    Issue TrackingPatch
  • github.com https://github.com/coder/agentapi/releases/tag/v0.4.0
    Release Notes
  • github.com https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4
    PatchVendor Advisory
  • mcpsec.dev https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration
    ExploitThird Party Advisory
  • mcpsec.dev https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration/
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
    Patch
  • github.com https://github.com/coder/agentapi/pull/49
    Issue TrackingPatch
  • github.com https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4
    PatchVendor Advisory